6116 matches found
virtual PMU is unsupported
ISSUE DESCRIPTION The Virtual Performance Measurement Unit feature has been documented as unsupported, so far only on Intel CPUs. Further issues have been found or are suspected which would also or exclusively affect AMD CPUs. We believe that the functionality is mostly intended for non-productio...
DEBIAN-CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215...
Code injection
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors...
CVE-2015-8222
The CVE-2015-8222 issue affects the Ubuntu lxd package prior to 0.20-0ubuntu4.1. The lxd-unix.socket systemd unit file assigns world-readable permissions to /var/lib/lxd/unix.socket, enabling local users to gain privileges via unspecified vectors. This is evidenced in multiple sources (Ubuntu/Deb...
Fourth, a 16-year-old Hacker, Arrested over TalkTalk Hack
Police have arrested a fourth person, a 16-year-old boy, from London in connection with the high-profile hack of British telecoms giant TalkTalk. The investigating officers from the Metropolitan Police Cyber Crime Unit (MPCCU) arrested the teenager at his home in Norwich on suspicion of Computer...
TalkTalk Hack: Police Arrest Second Teenager in London
British Police have arrested a second teenage boy in relation to the major hack on the servers of UK-based telco 'TalkTalk' last week. On Monday, a 15-year-old boy (first arrest) from County Antrim, Northern Ireland, was arrested in connection with the TalkTalk Data Breach. On Thursday, The...
Hackers Find A Way To Disable Car Airbags System
Car hacking is a hot topic today. Many automobile companies now offer vehicles that run mostly on drive-by-wire systems, which means that a majority of the car's functions are electronically controlled, from the instrument cluster to steering, brakes, and accelerator. No doubt these...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...
CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...
UBUNTU-CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215...
net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd...
chromium-browser: Use-after-free related to unexpected GPU process termination in unspecified
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown,...
CVE-2015-5374
CVE-2015-5374 affects Siemens SIPROTEC 4/Compact devices with EN100 Ethernet modules (PROFINET IO, Modbus TCP, DNP3 TCP, IEC 104 firmware) and SIPROTEC 6MU80 integration. The flaw is an improper input validation that allows specially crafted UDP packets to port 50000 to cause a denial-of-service,...
chromium-browser: Scheme validation error in WebUI
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...
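OpenSSL Heartbleed Vulnerability
The OpenSSL "Heartbleed" vulnerability is a very serious problem. It lets an attacker read up to 64 KB of data from memory. Some security researchers have said: without any privileged information or authentication, we were able to steal from ourselves (on our own test machine) X.509 certificate private keys, usernames and passwords, instant-messenger messages, e-mails, and important business documents and communications. How does all of this happen? Let's look into the code to find out. 0x01 Bug: see ssl/d1_both.c; the patch for the vulnerability starts at this statement: int dtls1_process_heartbeat(SSL *s) { unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned short hbtype;...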
FreeBSD : chicken -- buffer overrun in substring-index[-ci] (e7b7f2b5-177a-11e5-ad33-f8d111029e6a)
chicken developer Moritz Heidkamp reports: The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...
Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The...
IDS RTU 850 Series Directory Traversal Vulnerability
The NC854 and NC856 modules for IDS RTU 850C devices are communication modules for use in automation and remote control devices from IDS Germany. A directory traversal vulnerability exists in the NC854 and NC856 modules for IDS RTU 850C devices. A remote attacker can read arbitrary files with the...
Cisco TelePresence IP VCR Detection
Nessus has determined that the remote host is a multipoint control unit video teleconferencing device. # (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(83768); script_version("1.4"); script_cvs_date("Date: 2019/11/22"); script_name(english:"Cisco TelePresence IP VCR Detection");...
[ MDVSA-2015:211 ] glusterfs
Mandriva Linux Security Advisory MDVSA-2015:211 http://www.mandriva.com/en/support/security/ Package: glusterfs Date: April 27, 2015 Affected: Business Server 2.0 Problem Description: Updated glusterfs packages fix security vulnerability: glusterfs...